remove attestation returned by makeCredential,

remove userEntity returned by getAssertion

remove attestation returned by makeCredential,
remove userEntity returned by getAssertion
47b33423 · Josh Ji · 8906f0a4 · 47b33423
Commit 47b33423 authored Aug 18, 2022 by Josh Ji
Hide whitespace changes
Inline Side-by-side

Showing with 94 additions and 93 deletions

src/main/java/com/josh/vku2f/CTAP2.java src/main/java/com/josh/vku2f/CTAP2.java +94 -93

No files found.
--- a/src/main/java/com/josh/vku2f/CTAP2.java
+++ b/src/main/java/com/josh/vku2f/CTAP2.java
@@ -559,7 +559,8 @@ public class CTAP2 extends Applet implements ExtendedLength {
 			// Attestation stuff
 			// Attestation statement format : 0x01
 			cborEncoder.writeRawByte((byte) 0x01);
-			cborEncoder.encodeTextString(Utf8Strings.UTF8_PACKED, (short) 0, (short) 6);
+//			cborEncoder.encodeTextString(Utf8Strings.UTF8_PACKED, (short) 0, (short) 6);
+			cborEncoder.encodeTextString(new byte[]{'n', 'o', 'n', 'e'}, (short) 0, (short) 4);

 			// Put the authenticatorData identifier(0x02) there
 			// Authenticator Data : 0x02
@@ -610,48 +611,48 @@ public class CTAP2 extends Applet implements ExtendedLength {

 			// Create a map with 3 things
 //            cborEncoder.startMap((short) 3);
-			cborEncoder.startMap((short) 4);
-			// Add the alg label
-			cborEncoder.encodeTextString(Utf8Strings.UTF8_ALG, (short) 0, (short) 3);
-			// Add the actual algorithm - -7 is 6 as a negative
-			cborEncoder.encodeNegativeUInt8((byte) 0x06);
-			// Add the actual signature, we should generate this
-			cborEncoder.encodeTextString(Utf8Strings.UTF8_SIG, (short) 0, (short) 3);
-
-			// Generate the signature, can't do this directly unfortunately.
-			// We sign over the client data hash and the attested data.
-			// AuthenticatorData is first. We noted down where it begins and know how long
-			// it is.
-			attestationKeyPair.update(dataBuffer, tempVars[7], (short) (tempCredential.getAttestedLen() + 37));
-			// The client data hash is next, which we use to finish off the signature.
-			tempVars[4] = attestationKeyPair.sign(authenticatorMakeCredential.dataHash, (short) 0, (short) authenticatorMakeCredential.dataHash.length, scratch, (short) 0);
-			// Create the byte string for the signature
-			cborEncoder.encodeByteString(scratch, (short) 0, tempVars[4]);
-			// Set the x509 cert now
-			cborEncoder.encodeTextString(Utf8Strings.UTF8_X5C, (short) 0, (short) 3);
-			// Supposedly we need an array here
-			cborEncoder.startArray((short) 1);
-			cborEncoder.encodeByteString(attestationKeyPair.x509cert, (short) 0, attestationKeyPair.x509len);
-
-			/**
-			 *     extension
-			 */
-			// add extension label
-			cborEncoder.encodeTextString(Utf8Strings.UTF8_EXTENSIONS, (short) 0, (short) Utf8Strings.UTF8_EXTENSIONS.length);
-
-			// add extension element
-			cborEncoder.startArray((short) 2);
-			// add HMAC
-//            cborEncoder.encodeTextString(Utf8Strings.UTF8_HMAC, (short)0, (short)Utf8Strings.UTF8_HMAC.length );
-			cborEncoder.encodeByteString(idSecret.hmac, (short) 0, (short) idSecret.hmac.length);
-//            // add Cx
-//            cborEncoder.encodeTextString(Utf8Strings.UTF8_Cx, (short)0, (short)Utf8Strings.UTF8_Cx.length);
-			cborEncoder.encodeByteString(idSecret.encryptedCx, (short) 0, (short) idSecret.encryptedCx.length);
-
-
-			/**
-			 *      end extension
-			 */
+			cborEncoder.startMap((short) 0);
+//			// Add the alg label
+//			cborEncoder.encodeTextString(Utf8Strings.UTF8_ALG, (short) 0, (short) 3);
+//			// Add the actual algorithm - -7 is 6 as a negative
+//			cborEncoder.encodeNegativeUInt8((byte) 0x06);
+//			// Add the actual signature, we should generate this
+//			cborEncoder.encodeTextString(Utf8Strings.UTF8_SIG, (short) 0, (short) 3);
+//
+//			// Generate the signature, can't do this directly unfortunately.
+//			// We sign over the client data hash and the attested data.
+//			// AuthenticatorData is first. We noted down where it begins and know how long
+//			// it is.
+//			attestationKeyPair.update(dataBuffer, tempVars[7], (short) (tempCredential.getAttestedLen() + 37));
+//			// The client data hash is next, which we use to finish off the signature.
+//			tempVars[4] = attestationKeyPair.sign(authenticatorMakeCredential.dataHash, (short) 0, (short) authenticatorMakeCredential.dataHash.length, scratch, (short) 0);
+//			// Create the byte string for the signature
+//			cborEncoder.encodeByteString(scratch, (short) 0, tempVars[4]);
+//			// Set the x509 cert now
+//			cborEncoder.encodeTextString(Utf8Strings.UTF8_X5C, (short) 0, (short) 3);
+//			// Supposedly we need an array here
+//			cborEncoder.startArray((short) 1);
+//			cborEncoder.encodeByteString(attestationKeyPair.x509cert, (short) 0, attestationKeyPair.x509len);
+//
+//			/**
+//			 *     extension
+//			 */
+//			// add extension label
+//			cborEncoder.encodeTextString(Utf8Strings.UTF8_EXTENSIONS, (short) 0, (short) Utf8Strings.UTF8_EXTENSIONS.length);
+//
+//			// add extension element
+//			cborEncoder.startArray((short) 2);
+//			// add HMAC
+////            cborEncoder.encodeTextString(Utf8Strings.UTF8_HMAC, (short)0, (short)Utf8Strings.UTF8_HMAC.length );
+//			cborEncoder.encodeByteString(idSecret.hmac, (short) 0, (short) idSecret.hmac.length);
+////            // add Cx
+////            cborEncoder.encodeTextString(Utf8Strings.UTF8_Cx, (short)0, (short)Utf8Strings.UTF8_Cx.length);
+//			cborEncoder.encodeByteString(idSecret.encryptedCx, (short) 0, (short) idSecret.encryptedCx.length);
+//
+//
+//			/**
+//			 *      end extension
+//			 */


 			// We're actually done, send this out
@@ -1089,9 +1090,9 @@ public class CTAP2 extends Applet implements ExtendedLength {

 		// Determine if we need 4 or 5 in the array
 		if (mapLength == 4) {
-			encoder.startMap((short) 4);
+			encoder.startMap((short) 3);
 		} else {
-			encoder.startMap((short) 5);
+			encoder.startMap((short) 3);
 		}

 		// Tag 1, credential data
@@ -1122,54 +1123,54 @@ public class CTAP2 extends Applet implements ExtendedLength {
 				(short) 69);
 		// Create the ByteString to put it into
 		cborEncoder.encodeByteString(scratch, (short) 69, tempVars[3]);
-		// Tag 4, user details
-		cborEncoder.encodeUInt8((byte) 0x04);
-		// Start the PublicKeyCredentialUserEntity map
-
-		// If we have "UV" enabled, then we do all the info we have.
-		if (authenticatorGetAssertion.options[1]) {
-			cborEncoder.startMap(assertionCredentials[nextAssertion[0]].userEntity.numData);
-			// We need to check what we have for users
-			// Iterate over the bit flags
-			boolean[] usrFlags = assertionCredentials[nextAssertion[0]].getPresentUser();
-			// This actually
-			if (usrFlags[2]) {
-				// Has the 'displayName' tag
-				cborEncoder.encodeTextString(Utf8Strings.UTF8_DISPLAYNAME, (short) 0, (short) 11);
-				cborEncoder.encodeTextString(assertionCredentials[nextAssertion[0]].userEntity.displayName.str, (short) 0,
-						assertionCredentials[nextAssertion[0]].userEntity.displayName.len);
-			}
-			if (usrFlags[1]) {
-				// The 'id' tag
-				cborEncoder.encodeTextString(Utf8Strings.UTF8_ID, (short) 0, (short) 2);
-				cborEncoder.encodeByteString(assertionCredentials[nextAssertion[0]].userEntity.id, (short) 0,
-						(short) assertionCredentials[nextAssertion[0]].userEntity.id.length);
-			}
-			if (usrFlags[0]) {
-				// The 'name'
-				cborEncoder.encodeTextString(Utf8Strings.UTF8_NAME, (short) 0, (short) 4);
-				cborEncoder.encodeTextString(assertionCredentials[nextAssertion[0]].userEntity.name.str, (short) 0,
-						assertionCredentials[nextAssertion[0]].userEntity.name.len);
-			}
-			if (usrFlags[3]) {
-				// Has the 'icon' tag
-				cborEncoder.encodeTextString(Utf8Strings.UTF8_ICON, (short) 0, (short) 4);
-				cborEncoder.encodeTextString(assertionCredentials[nextAssertion[0]].userEntity.icon, (short) 0,
-						(short) assertionCredentials[nextAssertion[0]].userEntity.icon.length);
-			}
-		} else {
-			// UV not enabled. Don't send extra info apart from the id field
-			cborEncoder.startMap((short) 1);
-			cborEncoder.encodeTextString(Utf8Strings.UTF8_ID, (short) 0, (short) 2);
-			cborEncoder.encodeByteString(assertionCredentials[nextAssertion[0]].userEntity.id, (short) 0,
-					(short) assertionCredentials[nextAssertion[0]].userEntity.id.length);
-		}
-
-		// Done tag 4
-		if (mapLength == 5) {
-			cborEncoder.encodeUInt8((byte) 0x05);
-			cborEncoder.encodeUInt8((byte) assertionCredentials.length);
-		}
+//		// Tag 4, user details
+//		cborEncoder.encodeUInt8((byte) 0x04);
+//		// Start the PublicKeyCredentialUserEntity map
+//
+//		// If we have "UV" enabled, then we do all the info we have.
+//		if (authenticatorGetAssertion.options[1]) {
+//			cborEncoder.startMap(assertionCredentials[nextAssertion[0]].userEntity.numData);
+//			// We need to check what we have for users
+//			// Iterate over the bit flags
+//			boolean[] usrFlags = assertionCredentials[nextAssertion[0]].getPresentUser();
+//			// This actually
+//			if (usrFlags[2]) {
+//				// Has the 'displayName' tag
+//				cborEncoder.encodeTextString(Utf8Strings.UTF8_DISPLAYNAME, (short) 0, (short) 11);
+//				cborEncoder.encodeTextString(assertionCredentials[nextAssertion[0]].userEntity.displayName.str, (short) 0,
+//						assertionCredentials[nextAssertion[0]].userEntity.displayName.len);
+//			}
+//			if (usrFlags[1]) {
+//				// The 'id' tag
+//				cborEncoder.encodeTextString(Utf8Strings.UTF8_ID, (short) 0, (short) 2);
+//				cborEncoder.encodeByteString(assertionCredentials[nextAssertion[0]].userEntity.id, (short) 0,
+//						(short) assertionCredentials[nextAssertion[0]].userEntity.id.length);
+//			}
+//			if (usrFlags[0]) {
+//				// The 'name'
+//				cborEncoder.encodeTextString(Utf8Strings.UTF8_NAME, (short) 0, (short) 4);
+//				cborEncoder.encodeTextString(assertionCredentials[nextAssertion[0]].userEntity.name.str, (short) 0,
+//						assertionCredentials[nextAssertion[0]].userEntity.name.len);
+//			}
+//			if (usrFlags[3]) {
+//				// Has the 'icon' tag
+//				cborEncoder.encodeTextString(Utf8Strings.UTF8_ICON, (short) 0, (short) 4);
+//				cborEncoder.encodeTextString(assertionCredentials[nextAssertion[0]].userEntity.icon, (short) 0,
+//						(short) assertionCredentials[nextAssertion[0]].userEntity.icon.length);
+//			}
+//		} else {
+//			// UV not enabled. Don't send extra info apart from the id field
+//			cborEncoder.startMap((short) 1);
+//			cborEncoder.encodeTextString(Utf8Strings.UTF8_ID, (short) 0, (short) 2);
+//			cborEncoder.encodeByteString(assertionCredentials[nextAssertion[0]].userEntity.id, (short) 0,
+//					(short) assertionCredentials[nextAssertion[0]].userEntity.id.length);
+//		}
+//
+//		// Done tag 4
+//		if (mapLength == 5) {
+//			cborEncoder.encodeUInt8((byte) 0x05);
+//			cborEncoder.encodeUInt8((byte) assertionCredentials.length);
+//		}

 	}